-rw-r--r-- | lib/libc/posix1e/Makefile.inc | 4 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_biba.c | 218 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_internal.h | 50 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_mls.c | 218 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_sebsd.c | 67 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_te.c | 69 | ||||
-rw-r--r-- | lib/libc/posix1e/mac_text.c | 194 |
7 files changed, 5 insertions, 815 deletions
diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc index abac906..3388c8f 100644 --- a/lib/libc/posix1e/Makefile.inc +++ b/lib/libc/posix1e/Makefile.inc @@ -19,14 +19,10 @@ SRCS+= acl_calc_mask.c \ acl_to_text.c \ acl_valid.c \ extattr.c \ - mac_biba.c \ mac_free.c \ mac_is_present_np.c \ mac_get.c \ - mac_mls.c \ - mac_sebsd.c \ mac_set.c \ - mac_te.c \ mac_text.c .if ${LIB} == "c" diff --git a/lib/libc/posix1e/mac_biba.c b/lib/libc/posix1e/mac_biba.c deleted file mode 100644 index 7d32480..0000000 --- a/lib/libc/posix1e/mac_biba.c +++ /dev/null 
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <security/mac_biba/mac_biba.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * Biba labels take the following format:
- * [optional bibasingle][optional bibarange]
- * bibasingle: {low,0-65535,high,equal}
- * bibarange: ([bibasingle]-[bibasingle])
- */
-
-/*
- * Extract mac_biba_element contents from a string.
- */
-static int
-mac_biba_element_from_string(char *string, struct mac_biba_element *element)
-{
- unsigned long value;
- char *endp;
- int error;
-
- if (strcmp(string, "low") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_LOW;
- element->mbe_grade = 0;
- error = 0;
- } else if (strcmp(string, "high") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_HIGH;
- element->mbe_grade = 0;
- error = 0;
- } else if (strcmp(string, "equal") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_EQUAL;
- element->mbe_grade = 0;
- error = 0;
- } else {
- value = strtoul(string, &endp, 10);
- if (*endp == '\0' && value == (u_short) value) {
- element->mbe_type = MAC_BIBA_TYPE_GRADE;
- element->mbe_grade = value;
- error = 0;
- } else
- error = EINVAL;
- }
-
- return (error);
-}
-
-/*
- * Destructively convert a string into a mac_biba.
- */
-int
-mac_biba_label_from_string(char *string, struct mac *label)
-{
- char *string_single, *string_rangelow, *string_rangehigh;
- int error;
-
- bzero(&label->m_biba, sizeof(label->m_biba));
-
- /*
- * Is a '(' present?, if so check for last character of ')', and
- * split into single and range strings after nulling the '(' and
- * ')'. Reject if appropriate.
- */
-
- string_single = strsep(&string, "(");
- if (*string_single == '\0' && string == NULL) {
- /* No interesting elements to parse, flags already zero'd. */
- return (0);
- }
- if (string != NULL) {
- /* If a '(' was present, last character must be ')'. */
- if (*string == '\0')
- return (EINVAL);
- if (string[strlen(string)-1] != ')')
- return (EINVAL);
- string[strlen(string)-1] = '\0';
- }
-
- /*
- * If range is present, split range into rangelow and rangehigh
- * based on '-', if present, and nul it. Process range elements.
- * Reject if appropriate.
- */
- if (string != NULL) {
- string_rangehigh = string;
- string_rangelow = strsep(&string_rangehigh, "-");
- if (*string_rangelow == '\0' || string_rangehigh == NULL)
- return (EINVAL);
- error = mac_biba_element_from_string(string_rangelow,
- &label->m_biba.mb_rangelow);
- if (error)
- return (error);
- error = mac_biba_element_from_string(string_rangehigh,
- &label->m_biba.mb_rangehigh);
- if (error)
- return (error);
- label->m_biba.mb_flags |= MAC_BIBA_FLAG_RANGE;
- }
-
- /*
- * If single is present, process single and reject if needed.
- */
- if (*string_single != '\0') {
- error = mac_biba_element_from_string(string_single,
- &label->m_biba.mb_single);
- if (error)
- return (error);
- label->m_biba.mb_flags |= MAC_BIBA_FLAG_SINGLE;
- }
-
- return (0);
-}
-
-static char *
-mac_biba_string_from_element(struct mac_biba_element *element)
-{
- char *string;
-
- switch(element->mbe_type) {
- case MAC_BIBA_TYPE_LOW:
- return (strdup("low"));
-
- case MAC_BIBA_TYPE_HIGH:
- return (strdup("high"));
-
- case MAC_BIBA_TYPE_EQUAL:
- return (strdup("equal"));
-
- case MAC_BIBA_TYPE_GRADE:
- asprintf(&string, "%d", element->mbe_grade);
- return (string);
-
- default:
- return (strdup("invalid"));
- }
-}
-
-char *
-mac_biba_string_from_label(struct mac *label)
-{
- char *format_string = NULL;
- char *string = NULL, *string_single = NULL, *string_rangelow = NULL;
- char *string_rangehigh = NULL;
-
- if (label->m_biba.mb_flags & MAC_BIBA_FLAG_SINGLE) {
- string_single = mac_biba_string_from_element(
- &label->m_biba.mb_single);
- }
- if (label->m_biba.mb_flags & MAC_BIBA_FLAG_RANGE) {
- string_rangelow = mac_biba_string_from_element(
- &label->m_biba.mb_rangelow);
- string_rangehigh = mac_biba_string_from_element(
- &label->m_biba.mb_rangehigh);
- }
-
- if (string_rangelow && string_single) {
- asprintf(&string, "%s(%s-%s)", string_single, string_rangelow,
- string_rangehigh);
- } else if (string_rangelow) {
- asprintf(&string, "(%s-%s)", string_rangelow,
- string_rangehigh);
- } else if (string_single) {
- asprintf(&string, "%s", string_single);
- } else
- string = strdup("");
-
- if (string_single)
- free(string_single);
- if (string_rangelow)
- free(string_rangelow);
- if (string_rangehigh)
- free(string_rangehigh);
-
- return (string);
-}
diff --git a/lib/libc/posix1e/mac_internal.h b/lib/libc/posix1e/mac_internal.h
deleted file mode 100644
index 20c46b3..0000000
--- a/lib/libc/posix1e/mac_internal.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-/*
- * Eventually, these per-policy interfaces will be handled via a
- * standard userland MAC module interface.
- */
-
-int mac_biba_label_from_string __P((char *string, struct mac *label));
-char *mac_biba_string_from_label __P((struct mac *label));
-int mac_mls_label_from_string __P((char *string, struct mac *label));
-char *mac_mls_string_from_label __P((struct mac *label));
-int mac_te_label_from_string __P((char *string, struct mac *label));
-char *mac_te_string_from_label __P((struct mac *label));
diff --git a/lib/libc/posix1e/mac_mls.c b/lib/libc/posix1e/mac_mls.c
deleted file mode 100644
index 78d7b99..0000000
--- a/lib/libc/posix1e/mac_mls.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <security/mac_mls/mac_mls.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * MLS labels take the following format:
- * [optional mlssingle][optional mlsrange]
- * mlssingle: {low,0-65535,high,equal}
- * mlsrange: ([mlssingle]-[mlssingle])
- */
-
-/*
- * Extract mac_mls_element contents from a string.
- */
-static int
-mac_mls_element_from_string(char *string, struct mac_mls_element *element)
-{
- unsigned long value;
- char *endp;
- int error;
-
- if (strcmp(string, "low") == 0) {
- element->mme_type = MAC_MLS_TYPE_LOW;
- element->mme_level = 0;
- error = 0;
- } else if (strcmp(string, "high") == 0) {
- element->mme_type = MAC_MLS_TYPE_HIGH;
- element->mme_level = 0;
- error = 0;
- } else if (strcmp(string, "equal") == 0) {
- element->mme_type = MAC_MLS_TYPE_EQUAL;
- element->mme_level = 0;
- error = 0;
- } else {
- value = strtoul(string, &endp, 10);
- if (*endp == '\0' && value == (u_short) value) {
- element->mme_type = MAC_MLS_TYPE_LEVEL;
- element->mme_level = value;
- error = 0;
- } else
- error = EINVAL;
- }
-
- return (error);
-}
-
-/*
- * Destructively convert a string into a mac_mls.
- */
-int
-mac_mls_label_from_string(char *string, struct mac *label)
-{
- char *string_single, *string_rangelow, *string_rangehigh;
- int error;
-
- bzero(&label->m_mls, sizeof(label->m_mls));
-
- /*
- * Is a '(' present?, if so check for last character of ')', and
- * split into single and range strings after nulling the '(' and
- * ')'. Reject if appropriate.
- */
-
- string_single = strsep(&string, "(");
- if (*string_single == '\0' && string == NULL) {
- /* No interesting elements to parse, flags already zero'd. */
- return (0);
- }
- if (string != NULL) {
- /* If a '(' was present, last character must be ')'. */
- if (*string == '\0')
- return (EINVAL);
- if (string[strlen(string)-1] != ')')
- return (EINVAL);
- string[strlen(string)-1] = '\0';
- }
-
- /*
- * If range is present, split range into rangelow and rangehigh
- * based on '-', if present, and nul it. Process range elements.
- * Reject if appropriate.
- */
- if (string != NULL) {
- string_rangehigh = string;
- string_rangelow = strsep(&string_rangehigh, "-");
- if (*string_rangelow == '\0' || string_rangehigh == NULL)
- return (EINVAL);
- error = mac_mls_element_from_string(string_rangelow,
- &label->m_mls.mm_rangelow);
- if (error)
- return (error);
- error = mac_mls_element_from_string(string_rangehigh,
- &label->m_mls.mm_rangehigh);
- if (error)
- return (error);
- label->m_mls.mm_flags |= MAC_MLS_FLAG_RANGE;
- }
-
- /*
- * If single is present, process single and reject if needed.
- */
- if (*string_single != '\0') {
- error = mac_mls_element_from_string(string_single,
- &label->m_mls.mm_single);
- if (error)
- return (error);
- label->m_mls.mm_flags |= MAC_MLS_FLAG_SINGLE;
- }
-
- return (0);
-}
-
-static char *
-mac_mls_string_from_element(struct mac_mls_element *element)
-{
- char *string;
-
- switch(element->mme_type) {
- case MAC_MLS_TYPE_LOW:
- return (strdup("low"));
-
- case MAC_MLS_TYPE_HIGH:
- return (strdup("high"));
-
- case MAC_MLS_TYPE_EQUAL:
- return (strdup("equal"));
-
- case MAC_MLS_TYPE_LEVEL:
- asprintf(&string, "%d", element->mme_level);
- return (string);
-
- default:
- return (strdup("invalid"));
- }
-}
-
-char *
-mac_mls_string_from_label(struct mac *label)
-{
- char *format_string = NULL;
- char *string = NULL, *string_single = NULL, *string_rangelow = NULL;
- char *string_rangehigh = NULL;
-
- if (label->m_mls.mm_flags & MAC_MLS_FLAG_SINGLE) {
- string_single = mac_mls_string_from_element(
- &label->m_mls.mm_single);
- }
- if (label->m_mls.mm_flags & MAC_MLS_FLAG_RANGE) {
- string_rangelow = mac_mls_string_from_element(
- &label->m_mls.mm_rangelow);
- string_rangehigh = mac_mls_string_from_element(
- &label->m_mls.mm_rangehigh);
- }
-
- if (string_rangelow && string_single) {
- asprintf(&string, "%s(%s-%s)", string_single, string_rangelow,
- string_rangehigh);
- } else if (string_rangelow) {
- asprintf(&string, "(%s-%s)", string_rangelow,
- string_rangehigh);
- } else if (string_single) {
- asprintf(&string, "%s", string_single);
- } else
- string = strdup("");
-
- if (string_single)
- free(string_single);
- if (string_rangelow)
- free(string_rangelow);
- if (string_rangehigh)
- free(string_rangehigh);
-
- return (string);
-}
diff --git a/lib/libc/posix1e/mac_sebsd.c b/lib/libc/posix1e/mac_sebsd.c
deleted file mode 100644
index 5a152bd..0000000
--- a/lib/libc/posix1e/mac_sebsd.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * SEBSD labels consist of a single psid_t.
- */
-
-int
-mac_sebsd_label_from_string(char *string, struct mac *label)
-{
-
- bzero(&label->m_sebsd, sizeof(label->m_sebsd));
- return (sscanf(string, "%u", &label->m_sebsd.ms_psid) == 1 ? 0
- : errno);
-}
-
-char *
-mac_sebsd_string_from_label(struct mac *label)
-{
- char *ret;
-
- asprintf(&ret, "%u", label->m_sebsd.ms_psid);
- return (ret);
-}
diff --git a/lib/libc/posix1e/mac_te.c b/lib/libc/posix1e/mac_te.c
deleted file mode 100644
index c3e3f5e..0000000
--- a/lib/libc/posix1e/mac_te.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * TE labels simply consist of the typename. The type length may
- * be zero indicating that the text form did not include a type,
- * but the string length must not exceed the length limit in the label.
- */
-
-int
-mac_te_label_from_string(char *string, struct mac *label)
-{
-
- bzero(&label->m_te, sizeof(label->m_te));
- if (strlcpy(label->m_te.mt_type, string,
- sizeof(label->m_te.mt_type)) >= sizeof(label->m_te.mt_type))
- return (EINVAL);
- return (0);
-}
-
-char *
-mac_te_string_from_label(struct mac *label)
-{
-
- return (strdup(label->m_te.mt_type));
-}
diff --git a/lib/libc/posix1e/mac_text.c b/lib/libc/posix1e/mac_text.c
index c244fdc..9c72c14 100644
--- a/lib/libc/posix1e/mac_text.c
+++ b/lib/libc/posix1e/mac_text.c
@@ -41,204 +41,20 @@ #include <sys/mac.h> #include <errno.h> -#include <stdio.h> -#include <string.h> - -#include "mac_internal.h" - -/* - * POSIX.1e does not define a text format for MAC label string conversions. - * We use the following format: - * - * label: policyname/policyvalue{,...} - * - * Each policy is responsible for parsing policyvalue on its own, although - * policies must not use '/' or ',' in their text representation. Currently - * supported policies are "biba, "mls", "te". - */ - -#define STRING_LISTSEP "," -#define STRING_ELEMENTSEP "/" - -#define STRING_BIBA "biba" -#define STRING_MLS "mls" -#define STRING_TE "te" +#include <stdlib.h> char * mac_to_text(struct mac *mac_p, size_t *len_p) { - char *biba = NULL, *mls = NULL, *string = NULL, *te = NULL; - int len = -1, before; - - biba = mac_biba_string_from_label(mac_p); - if (biba == NULL) - goto out; - - mls = mac_mls_string_from_label(mac_p); - if (mls == NULL) - goto out; - - te = mac_te_string_from_label(mac_p); - if (te == NULL) - goto out; - - len = 0; - if (strlen(biba) != 0) - len += strlen(STRING_LISTSEP) + strlen(STRING_BIBA) + - strlen(STRING_ELEMENTSEP) + strlen(biba); - if (strlen(mls) != 0) - len += strlen(STRING_LISTSEP) + strlen(STRING_MLS) + - strlen(STRING_ELEMENTSEP) + strlen(mls); - if (strlen(te) != 0) - len += strlen(STRING_LISTSEP) + strlen(STRING_TE) + - strlen(STRING_ELEMENTSEP) + strlen(te); - - if (len == 0) { - string = strdup(""); - goto out; - } - - string = (char *) malloc(len+1); - if (string == NULL) - return (NULL); - len = 0; - before = 0; - - if (strlen(biba) != 0) { - if (before) - len += sprintf(string + len, "%s", STRING_LISTSEP); - len += sprintf(string + len, "%s%s%s", STRING_BIBA, - STRING_ELEMENTSEP, biba); - before = 1; - } - if (strlen(mls) != 0) { - if (before) - len += sprintf(string + len, "%s", STRING_LISTSEP); - len += sprintf(string + len, "%s%s%s", STRING_MLS, - STRING_ELEMENTSEP, mls); - before = 1; - } - if (strlen(te) != 0) { - if (before) - 
len += sprintf(string + len, "%s", STRING_LISTSEP); - len += sprintf(string + len, "%s%s%s", STRING_TE, - STRING_ELEMENTSEP, te); - before = 1; - } - -out: - if (biba != NULL) - free(biba); - if (mls != NULL) - free(mls); - if (te != NULL) - free(te); - - if (len != -1 && len_p != NULL) - *len_p = len; - - return (string); + errno = EINVAL; + return (NULL); } struct mac * mac_from_text(const char *text_p) { - struct mac *label; - char *local_string, *next_token, *token, *tmp; - char *policy_name, *policy_value; - int biba_seen = 0, mls_seen = 0, te_seen = 0; - int error; - - /* - * Parse into three assignments, determine which assignments - * they are and recurse appropriately, and reject if there are - * not the right assignments (or duplicates). - */ - - label = (struct mac *) malloc(sizeof(*label)); - if (label == NULL) { - errno = ENOMEM; - goto exit1; - } - label->m_macflags = 0; - label->m_macflags |= MAC_FLAG_INITIALIZED; - - local_string = strdup(text_p); - if (local_string == NULL) { - errno = ENOMEM; - goto exit2; - } - - next_token = local_string; - while ((token = strsep(&next_token, STRING_LISTSEP)) != NULL) { - - policy_value = token; - policy_name = strsep(&policy_value, STRING_ELEMENTSEP); - - if (strcmp(policy_name, STRING_BIBA) == 0) { - error = mac_biba_label_from_string(policy_value, - label); - if (error) { - errno = error; - goto exit2; - } - biba_seen++; - } else if (strcmp(policy_name, STRING_MLS) == 0) { - error = mac_mls_label_from_string(policy_value, - label); - if (error) { - errno = error; - goto exit2; - } - mls_seen++; - } else if (strcmp(policy_name, STRING_TE) == 0) { - error = mac_te_label_from_string(policy_value, label); - if (error) { - errno = error; - goto exit2; - } - te_seen++; - } else { - errno = EINVAL; - goto exit2; - } - } - - if (biba_seen == 0) { - error = mac_biba_label_from_string("", label); - if (error) { - errno = error; - goto exit2; - } - } - if (mls_seen == 0) { - error = mac_mls_label_from_string("", label); 
- if (error) { - errno = error; - goto exit2; - } - } - if (te_seen == 0) { - error = mac_te_label_from_string("", label); - if (error) { - errno = error; - goto exit2; - } - } - - if (biba_seen > 1 || mls_seen > 1 || te_seen > 1) { - errno = EINVAL; - goto exit2; - } - - /* Success. */ - goto exit1; -exit2: - free(label); - label = NULL; -exit1: - free(local_string); - return (label); + errno = EINVAL; + return (NULL); } |
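Review bot: The new bodies of mac_to_text() and mac_from_text() fail with `errno = EINVAL`, which reports "malformed label" to the caller when the actual condition is that text conversion is no longer implemented in this library. A label-setting or label-printing tool will therefore reject every label, valid or not, with a misleading diagnostic; `errno = ENOSYS;` (or `EOPNOTSUPP`) in both stubs would let callers tell "unsupported" from "bad input". Neither stub carries a comment saying it is a placeholder, so I would add above each something like `/* Placeholder: per-policy text conversion was removed from libc; always fails. */`. Both functions now return NULL unconditionally, which fails closed, but callers outside this diff that use the result without a NULL check would presumably fault on every call and are worth auditing before this lands.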